Re: [Trans] [trans] #80 (rfc6962-bis): Re-introduce the issuer key hash into the Precertificate
Stephen Kent <kent@bbn.com> Thu, 02 July 2015 14:00 UTC
Return-Path: <kent@bbn.com>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 440C81A89FA for <trans@ietfa.amsl.com>; Thu, 2 Jul 2015 07:00:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.211
X-Spam-Level:
X-Spam-Status: No, score=-4.211 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4jIPXCihQtM8 for <trans@ietfa.amsl.com>; Thu, 2 Jul 2015 07:00:13 -0700 (PDT)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.0.80]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B0A381AC39E for <trans@ietf.org>; Thu, 2 Jul 2015 07:00:05 -0700 (PDT)
Received: from ssh.bbn.com ([192.1.122.15]:43691 helo=COMSEC-2.home) by smtp.bbn.com with esmtp (Exim 4.77 (FreeBSD)) (envelope-from <kent@bbn.com>) id 1ZAf22-000NZT-1N; Thu, 02 Jul 2015 10:00:02 -0400
Message-ID: <559543E1.6010501@bbn.com>
Date: Thu, 02 Jul 2015 10:00:01 -0400
From: Stephen Kent <kent@bbn.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:31.0) Gecko/20100101 Thunderbird/31.7.0
MIME-Version: 1.0
To: trans issue tracker <trac+trans@tools.ietf.org>, rob.stradling@comodo.com, benl@google.com
References: <056.7955c32a9fd14002205eaf236136fda6@tools.ietf.org> <071.ac1382a23021309632a3cfb2c9ac8ce0@tools.ietf.org>
In-Reply-To: <071.ac1382a23021309632a3cfb2c9ac8ce0@tools.ietf.org>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/trans/TEW5LQDlaxKy9z6lBe9OB9cywyo>
Cc: trans@ietf.org
Subject: Re: [Trans] [trans] #80 (rfc6962-bis): Re-introduce the issuer key hash into the Precertificate
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Jul 2015 14:00:19 -0000
Rob, I agree with your conclusoon that inclusion of the issuer public key hash will enable a browser to verify the correspondence between an SCT without interacting with a log. Even though we don't yet have a browser behavior spec, I agree that this is a good candidate behavior to enable. Do you propose this as an extension to the current SCT format, or a change to the format? If you propose a change, then I'll argue that my proposed cert type declaration and checks performed fields also should be included, since we'll be making a not backward compatible change to the SCT. If this is an (optional) extension, then I guess my proposed fields can be the second and third extensions defined. Steve > #80: Re-introduce the issuer key hash into the Precertificate > > > Comment (by rob.stradling@comodo.com): > > This problem affects browser clients and any other client that wants to > verify that an SCT corresponds to a particular cert. A browser has the > full cert chain (from the TLS handshake) and the corresponding SCTs, but > it is _not_ expected to have the full log entries (i.e. extra_data, etc). > > In the current text, the SCT is bound to the Issuer Name (because that's > in the TBSCertificate), but not to the Issuer Key (because that's not in > the TBSCertificate). > > There could exist two or more publicly-trusted intermediate CA certs with > the same Name but different Keys. One of those intermediates might be > logged, while the other(s) are not logged. Each of them could issue leaf > certs that have an identical TBSCertificate. Only one of those leaf certs > needs to be logged for there to exist SCT(s) that are valid for all of > those leaf certs. > > The logged leaf cert might get revoked, but the other(s) might not get > revoked. However, the SCT(s) would still work for all of those certs, > including the non-logged ones. > > Therefore, we need to fix SCTs so that they're bound to the Issuer Key > Hash as well as the Issuer Name. >
- [Trans] [trans] #80 (client-behavior): Re-introdu… trans issue tracker
- Re: [Trans] [trans] #80 (rfc6962-bis): Re-introdu… trans issue tracker
- Re: [Trans] [trans] #80 (rfc6962-bis): Re-introdu… trans issue tracker
- Re: [Trans] [trans] #80 (rfc6962-bis): Re-introdu… trans issue tracker
- Re: [Trans] [trans] #80 (rfc6962-bis): Re-introdu… trans issue tracker
- Re: [Trans] [trans] #80 (rfc6962-bis): Re-introdu… trans issue tracker
- Re: [Trans] [trans] #80 (rfc6962-bis): Re-introdu… Stephen Kent
- Re: [Trans] [trans] #80 (rfc6962-bis): Re-introdu… Rob Stradling
- Re: [Trans] [trans] #80 (rfc6962-bis): Re-introdu… trans issue tracker
- Re: [Trans] [trans] #80 (rfc6962-bis): Re-introdu… trans issue tracker
- Re: [Trans] [trans] #80 (rfc6962-bis): Re-introdu… trans issue tracker